3e1f33a9169f0cf71206fc0af8014d93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e1f33a9169f0cf71206fc0af8014d93_JaffaCakes118
Size

570KB
MD5

3e1f33a9169f0cf71206fc0af8014d93
SHA1

271d8d3bea65f0daa9e70bf680a97cbea8dca851
SHA256

ff276361ef59d321a2466531c518b1072e611b59ac3930820d371fd61d2f167c
SHA512

5882ef509d4a64c6dabf8cf979a585234ba8e538ad2dd3d07993a05f811ea8557585356445311b4ad4be870ad6b17b11991a032ce0cef475e04d3bf60a272ad9
SSDEEP

12288:AikrMdLTtDd0Xwj7jWhBR85QmICFyjRKAqnuFqnuE:A/rELJDd0Xwj7ah/85Xwd+uF+uE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e1f33a9169f0cf71206fc0af8014d93_JaffaCakes118

Files

3e1f33a9169f0cf71206fc0af8014d93_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b5cbc17ce43b35b3ceda534e9db5d70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\prj\deployment\201006_Release\rc\MOD\rcc_host\Release\clienthost_u_u.pdb

Imports

kernel32

WriteConsoleA
SetEndOfFile
GetLocaleInfoW
GetTimeZoneInformation
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleOutputCP
GetConsoleCP
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetStdHandle
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
WriteConsoleW
SetEnvironmentVariableA
WriteFile
ReleaseMutex
CreateMutexA
WaitForSingleObject
ReadFile
CreateFileA
SetFilePointer
CloseHandle
DeleteFileA
FreeLibrary
LoadLibraryW
GetProcAddress
MulDiv
lstrcmpW
GetCurrentProcessId
GetModuleFileNameW
GetTickCount
GetModuleHandleW
GetCurrentDirectoryW
lstrcatW
GetModuleFileNameA
GetLastError
lstrlenW
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetConsoleMode
Sleep
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
InterlockedCompareExchange
InterlockedDecrement
LoadLibraryA
IsBadReadPtr
GetVersion
GetVolumeInformationW
GetVersionExW
GetWindowsDirectoryW
GetCurrentProcess
GetComputerNameW
SetFileAttributesW
CopyFileW
DeleteFileW
CreateFileW
TerminateThread
CreateThread
lstrcpyW
lstrcpynA
GetModuleHandleA
lstrcpynW
GetTempPathA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileW
FindFirstFileW
EnumResourceTypesW
FindResourceW
GetTempPathW
SetCurrentDirectoryW
CreateDirectoryW
SetCurrentDirectoryA
CreateDirectoryA
SizeofResource
LockResource
LoadResource
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceA
FindResourceA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedIncrement
GetFileAttributesA

user32

wvsprintfA
DialogBoxParamA
EnumChildWindows
LockWindowUpdate
GetDialogBaseUnits
GetWindowRgn
DefDlgProcA
GetClassNameA
LoadBitmapA
wsprintfA
DialogBoxParamW
wsprintfW
CreateWindowExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SetDlgItemTextW
LoadIconA
UnregisterClassW
RegisterClassW
SystemParametersInfoW
DrawTextW
DrawTextA
FrameRect
BeginDeferWindowPos
IsWindow
DeferWindowPos
EndDeferWindowPos
GetSystemMenu
TrackPopupMenuEx
FillRect
GetWindowTextW
LoadImageW
LoadBitmapW
EnableMenuItem
GetWindowPlacement
SetWindowTextW
SetWindowRgn
GetClientRect
DrawIconEx
SetRect
MapWindowPoints
InflateRect
KillTimer
CharNextW
CharNextA
CharUpperBuffW
CharUpperBuffA
IsCharAlphaNumericW
IsCharAlphaNumericA
ExitWindowsEx
GetDesktopWindow
GetParent
GetWindow
GetMenu
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
IsWindowUnicode
GetClassNameW
GetWindowTextLengthW
MessageBoxW
SetTimer
LoadCursorW
SetCursor
GetDlgItem
BeginPaint
EndPaint
SendMessageW
IsWindowEnabled
IsIconic
GetDCEx
GetWindowDC
ReleaseDC
AdjustWindowRectEx
GetWindowRect
PtInRect
DefDlgProcW
OffsetRect
SetWindowLongW
RedrawWindow
EndDialog
DestroyIcon
PostMessageW
GetWindowLongW
GetSystemMetrics
InvalidateRect
SetWindowPos
IsWindowVisible

gdi32

CreateCompatibleBitmap
SelectObject
GetMapMode
SetMapMode
GetWindowExtEx
LPtoDP
GetViewportExtEx
SetViewportExtEx
DPtoLP
SetViewportOrgEx
GetBkColor
CreateCompatibleDC
GetClipBox
DeleteDC
DeleteObject
BitBlt
SetTextColor
CreateSolidBrush
ExcludeClipRect
SetBkMode
CreateDIBSection
CreateBitmap
GetObjectW
CreateRoundRectRgn
CreateRectRgnIndirect
StretchBlt
GetStockObject
CreateFontIndirectW
ExtSelectClipRgn
SetRectRgn
OffsetRgn
SetWindowExtEx
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
SetBkColor
ExtTextOutW
CreateRectRgn

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathCompactPathW
PathCompactPathA
PathAppendA

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegDeleteValueA
RegDeleteValueW
RegCloseKey
RegCreateKeyA
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyW
RegEnumValueA
RegEnumValueW
CryptDestroyHash

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
ShellExecuteA

ole32

CoTaskMemFree

Exports

Exports

Data
Start
Stop

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b5cbc17ce43b35b3ceda534e9db5d70

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

oleaut32

shlwapi

version

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 36KB - Virtual size: 43KB

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 36KB - Virtual size: 43KB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 28KB - Virtual size: 24KB